Full Disclosure mailing list archives

RE: meay-meay! (virus sent via full-disclosure list)


From: "Bill Royds" <full-disclosure () royds net>
Date: Thu, 25 Mar 2004 08:36:59 -0500

This virus sent to the list shows the problem of a complete lack of
moderation. What would be best is a filter that does a virus scan and WARNS
about a possible virus, but does not block anything. You would still be
responsible for personal digital hygiene, but would have a flag to filter
on.

Here are the headers of this message with the McAfee message and a whois on the
originating MTA IP.

Return-Path: <full-disclosure-admin () lists netsys com>
Received: from netsys.com (NETSYS.COM [199.201.233.10])
        by mail.zoneedit.com (Postfix) with ESMTP id 285443FA0D
        for <full-disclosure () royds net>; Wed, 24 Mar 2004 17:17:19 -0500 (EST)
Received: from NETSYS.COM (localhost [127.0.0.1])
        by netsys.com (8.11.6p2-2003-09-16/8.11.6) with ESMTP id i2OM4lJ28528;
        Wed, 24 Mar 2004 17:04:47 -0500 (EST)
Received: from kermit ([62.38.237.28])
        by netsys.com (8.11.6p2-2003-09-16/8.11.6) with SMTP id i2OLRWX15727
        for <full-disclosure () lists netsys com>; Wed, 24 Mar 2004 16:27:34 -0500 (EST)
To: full-disclosure () lists netsys com
From: macubergeek () comcast net
Message-ID: <qcwokkovsbsisnacbtp () comcast net>
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------sbeuunoxpacatulivtum"
Subject: [Full-disclosure] meay-meay!
Sender: full-disclosure-admin () lists netsys com
Errors-To: full-disclosure-admin () lists netsys com
X-BeenThere: full-disclosure () lists netsys com
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <http://lists.netsys.com/mailman/listinfo/full-disclosure>,
        <mailto:full-disclosure-request () lists netsys com?subject=unsubscribe>
List-Id: Discussion of security issues <full-disclosure.lists.netsys.com>
List-Post: <mailto:full-disclosure () lists netsys com>
List-Help: <mailto:full-disclosure-request () lists netsys com?subject=help>
List-Subscribe: <http://lists.netsys.com/mailman/listinfo/full-disclosure>,
        <mailto:full-disclosure-request () lists netsys com?subject=subscribe>
List-Archive: <http://lists.netsys.com/pipermail/full-disclosure/>
Date: Wed, 24 Mar 2004 23:27:25 +0200


******************   McAfee VirusScan ************************
******* Alert generated at: Wed, 24 Mar 2004 18:29:19 -0500 *********
*********************************************************************

McAfee VirusScan has detected a potential threat in this e-mail 
sent by macubergeek () comcast net.
The following actions were attempted on each suspicious part. 
We strongly recommend that you report this virus-related activity 
to macubergeek () comcast net.


 The attachment "TextFile.zip" is infected with the W32/Bagle.gen!pwdzip
Virus(es). 
This attachment has been cleaned.


===================whois for sending MUA ==========

03/25/04 08:29:36 whois 62.38.237.28 () whois ripe net

whois -h whois.ripe.net 62.38.237.28 ...
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum:      62.38.0.0 - 62.38.255.255
netname:      GR-HOL-20010530
descr:        Hellas On Line S.A.
descr:        PROVIDER
country:      GR
admin-c:      HA194-RIPE
tech-c:       CO95-RIPE
status:       ALLOCATED PA
mnt-by:       RIPE-NCC-HM-MNT
mnt-lower:    AS3329-MNT
changed:      hostmaster () ripe net 20010530
changed:      hostmaster () ripe net 20031210 # gr.hol.aval via https://lirportal.ripe.net
source:       RIPE

route:        62.38.0.0/16
descr:        HOL
origin:       AS3329
mnt-lower:    AS3329-MNT
mnt-routes:   AS3329-MNT
mnt-by:       AS3329-MNT
changed:      tkor () hol gr 20010530
source:       RIPE

role:         HOL Administration
address:      Hellas On Line S.A.
address:      Harilaou Trikoupi 151
address:      N. Kiffisia, Greece 14564
e-mail:       admin () hol gr
trouble:      Questions....... mail to: noc () hol gr
trouble:      Spam Reports.... mail to: postmaster () hol gr
trouble:      Abuse Reports... mail to: abuse () hol gr
admin-c:      KK5841-RIPE
tech-c:       AV845-RIPE
tech-c:       TK583-RIPE
tech-c:       CO95-RIPE
nic-hdl:      HA194-RIPE
mnt-by:       AS3329-MNT
changed:      vicky () hol gr 19970821
changed:      vicky () hol gr 19970826
changed:      noc () hol gr 19981217
changed:      aval () hol gr 20000110
changed:      aval () hol gr 20010314
changed:      aval () hol gr 20020121
changed:      aval () hol gr 20030624
source:       RIPE

role:         HOL Network Operations Center
address:      Hellas On Line S.A.
address:      Harilaou Trikoupi 151
address:      N. Kiffisia, Greece 14564
e-mail:       noc () hol gr
trouble:      Questions....... mail to: noc () hol gr
trouble:      Spam Reports.... mail to: postmaster () hol gr
trouble:      Abuse Reports... mail to: abuse () hol gr
admin-c:      KK5841-RIPE
tech-c:       AV845-RIPE
tech-c:       TK583-RIPE
nic-hdl:      CO95-RIPE
mnt-by:       AS3329-MNT
changed:      vicky () hol gr 19970821
changed:      noc () hol gr 19981217
changed:      aval () hol gr 20000110
changed:      aval () hol gr 20010314
changed:      aval () hol gr 20010320
changed:      aval () hol gr 20010607
changed:      aval () hol gr 20020121
changed:      tkor () hol net 20030909
source:       RIPE




-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of
macubergeek () comcast net
Sent: March 24, 2004 4:27 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] meay-meay!

 The access is open !!!

password  for  archive: 01825

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
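
The header trace in the message above, as an added example that is not part of the original post: it walks the Received chain newest-first and reports the last public peer address recorded by an MTA the recipient trusts. The `TRUSTED` set and the function names are assumptions made for this example.

```python
import ipaddress
import re
from email import message_from_string

# Received headers copied from the message above, with folded lines rejoined.
SAMPLE = """\
Received: from netsys.com (NETSYS.COM [199.201.233.10])
        by mail.zoneedit.com (Postfix) with ESMTP id 285443FA0D
        for <full-disclosure () royds net>; Wed, 24 Mar 2004 17:17:19 -0500 (EST)
Received: from NETSYS.COM (localhost [127.0.0.1])
        by netsys.com (8.11.6p2-2003-09-16/8.11.6) with ESMTP id i2OM4lJ28528;
        Wed, 24 Mar 2004 17:04:47 -0500 (EST)
Received: from kermit ([62.38.237.28])
        by netsys.com (8.11.6p2-2003-09-16/8.11.6) with SMTP id i2OLRWX15727
        for <full-disclosure () lists netsys com>; Wed, 24 Mar 2004 16:27:34 -0500 (EST)
From: macubergeek () comcast net
Subject: [Full-disclosure] meay-meay!

"""

# Assumption: the recipient trusts only their own mail host and the list server.
TRUSTED = {"mail.zoneedit.com", "netsys.com"}

# "from <HELO> ([rDNS] [peer-ip]) by <receiving host>"; the HELO name is client-supplied.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9.]+)\]\)\s+by\s+(\S+)")

def hops(raw):
    """Yield (helo, peer_ip, by_host) for each Received header, newest first."""
    msg = message_from_string(raw)
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            yield m.group(1), ipaddress.ip_address(m.group(3)), m.group(4).lower()

def injection_point(raw, trusted):
    """Return (helo, ip, by_host) of the oldest hop written by a trusted MTA."""
    origin = None
    for helo, ip, by_host in hops(raw):
        if by_host not in trusted:
            break  # header written by a host we do not control: may be forged
        if ip.is_global:  # skip loopback/private hand-offs inside one site
            origin = (helo, str(ip), by_host)
    return origin

if __name__ == "__main__":
    print(injection_point(SAMPLE, TRUSTED))
```

Anything below the first header not written by a trusted host is ignored, because the sender controls those lines.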

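
The warn-but-do-not-block filter proposed in the message above, as an added example that is not part of the original post or any list software. A single heuristic (the ZIP encryption flag) stands in for a real scanner, and the header name `X-Virus-Warning`, the function names and the sample message are assumptions constructed for this example.

```python
import struct
from email.message import EmailMessage

WARN_HEADER = "X-Virus-Warning"  # hypothetical header name chosen for this example

def zip_is_encrypted(data):
    """True if the first ZIP local file header has the encryption bit (bit 0) set."""
    if len(data) < 8 or data[:4] != b"PK\x03\x04":
        return False
    _version, flags = struct.unpack_from("<HH", data, 4)
    return bool(flags & 0x0001)

def tag_message(msg):
    """Add one warning header per suspicious attachment; never drop or alter a part."""
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if zip_is_encrypted(payload):
            msg[WARN_HEADER] = f"encrypted-zip; filename={part.get_filename()}"
    return msg

def build_sample(flags):
    """Constructed message carrying a stub ZIP local header, not a real archive."""
    msg = EmailMessage()
    msg["Subject"] = "[Full-disclosure] constructed sample"
    msg.set_content("constructed sample body")
    stub = b"PK\x03\x04" + struct.pack("<HH", 20, flags) + b"\x00" * 22
    msg.add_attachment(stub, maintype="application", subtype="zip",
                       filename="TextFile.zip")
    return msg

if __name__ == "__main__":
    tagged = tag_message(build_sample(flags=1))
    print(tagged[WARN_HEADER])                   # the flag a subscriber can filter on
    print(len(list(tagged.iter_attachments())))  # attachment is still delivered
```

Subscribers can then sort or quarantine on the header locally, which keeps the list unmoderated while still giving each reader a flag to filter on.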
